North Dakota-based TV station Valley News Live had more than 1.8 million files from its job portal leaked due to a misconfigured Amazon AWS S3 storage bucket, according to Cybernews.
Over a million of the exposed files were applicants' resumes and CVs containing names, phone numbers, home and email addresses, birthdates, employment histories, educational backgrounds, and social media links. More than 50% of these were gathered between 2017 and 2024, reported Cybernews researchers, who warned about the potential cybersecurity risks stemming from the leaked details.
"The exposed data includes highly sensitive personal identifiers, creating numerous attack vectors for cybercriminals, where personal information can be used to create synthetic identities or fraudulent accounts," said the researchers, who added that the Gray Television subsidiary has yet to respond to their notifications.
Today's MSSP Update
1. Threat actors exploiting SimpleHelp RMM: In a LinkedIn post, ConnectWise noted that security researchers have identified active exploitation of vulnerabilities in SimpleHelp's Remote Monitoring and Management (RMM) software. The flaws, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, enable threat actors to transfer files, execute commands remotely, and escalate privileges within affected networks, according to the research. SimpleHelp released security updates addressing these issues between January 8 and 13, 2025. However, within a week of public disclosure, threat actors began leveraging these vulnerabilities in targeted attacks. Patch now!
2. Searchlight Cyber acquires Assetnote: Searchlight Cyber has acquired Brisbane, Australia-based Attack Surface Management (ASM) company Assetnote. The deal is Searchlight's first acquisition after its investment from Charlesbank Capital Partners in January 2024. Assetnote, founded in 2018, provides continuous vulnerability discovery and management services to customers including Linktree, Afterpay, and Canva.
3. Chrome extension attack: BleepingComputer reports that threat actors could covertly hijack devices through the new multi-stage Browser Syncjacking attack that involves a trojanized Chrome extension. Attackers first establish a malicious Google Workspace domain via user profiles without multi-factor authentication. They then publish a seemingly legitimate browser extension on the Chrome Web Store, and lure targets into downloading the extension, according to an analysis from SquareX. Stealthy logins to one of the attacker-controlled Workspace profiles open the legitimate Chrome support page, prompting targets to activate Chrome sync. Once done, attackers can access device data and the breached profile.
4. Wacom breach: Japanese graphics tablet manufacturer Wacom has disclosed the potential compromise of its customers' personal and credit card information following a breach of its online store that may have occurred between Nov. 28, 2024, and Jan. 8, 2025, The Register reports. Wacom said it has already resolved the issue that prompted the incident, and urged breach notification recipients to watch their credit card statements for unauthorized activity, promptly report suspicious charges, and set fraud alerts for their credit cards.
5. Broadcom patches VMware Aria flaws: Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The Hacker News lists the various CVEs and notes that VMware has already issued patches; none of the flaws have been observed being exploited in the wild.